What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
SecurityAffairs 2021-10-21 15:17:51 (Déjà vu) Administrators of bulletproof hosting sentenced to prison in the US (direct link) The United States Department of Justice sentenced two individuals that were providing bulletproof hosting to various malware operations. The United States Department of Justice sentenced to prison two individuals involved in providing bulletproof hosting to various malware operations, including Citadel, SpyEye, Zeus, and the Blackhole exploit kit. The two individuals, Aleksandr Skorodumov (33) of Lithuania, […] Malware
SecurityAffairs 2021-10-20 22:56:47 YouTube creators' accounts hijacked with cookie-stealing malware (direct link) A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. According to Google’s Threat Analysis Group (TAG) researchers, who spotted the campaign, the attacks were launched by multiple hack-for-hire […] Malware Threat
SecurityAffairs 2021-10-19 05:18:38 (Déjà vu) Trustwave released a free decryptor for the BlackByte ransomware (direct link) Trustwave's SpiderLabs researchers have released a free decryptor for the BlackByte ransomware that can allow victims to recover their files. Researchers from Trustwave's SpiderLabs have released a decryptor that can allow victims of the BlackByte ransomware to restore their files for free. The experts spotted the BlackByte ransomware while investigating a recent malware incident. The […] Ransomware Malware
SecurityAffairs 2021-10-16 23:02:42 Trickbot spreads malware through new distribution channels (direct link) TrickBot operators are back and expand the distribution channels with partnership with cybercrime affiliates. The operators behind the infamous TrickBot (ITG23 and Wizard Spider) malware have resurfaced with new distribution channels to deliver malicious payloads, such as Conti ransomware. The gang support other cybercrime groups such as known Hive0105, Hive0106 (aka TA551 or Shathak), and […] Malware
SecurityAffairs 2021-10-16 15:42:52 Russia-Linked TA505 targets financial institutions in a new malspam campaign (direct link) Russia-linked TA505 group leverages a lightweight Office file to spread malware in a campaign, tracked as MirrorBlast, aimed at financial institutions. Russia-linked APT group TA505 (e.g. Evil Corp) is leveraging a lightweight Office file in a new malware campaign, tracked as MirrorBlast, targeting financial institutions in multiple geographies. TA505 hacking group has been active since 2014 […] Malware
SecurityAffairs 2021-10-10 13:07:19 Security Affairs newsletter Round 335 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Previously undetected FontOnLake Linux malware used in targeted attacks Google addresses four high-severity flaws in Chrome Security […] Malware
SecurityAffairs 2021-10-10 09:47:58 Previously undetected FontOnLake Linux malware used in targeted attacks (direct link) ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that has been employed in targeted attacks. ESET researchers spotted a previously unknown, modular Linux malware, dubbed FontOnLake, that was employed in targeted attacks on organizations in Southeast Asia. According to the experts, modules of this malware family are under development and continuously improved. […] Malware
SecurityAffairs 2021-10-07 07:53:47 Operation GhostShell: MalKamak APT targets aerospace and telco firms (direct link) Operation GhostShell: Threat actors used ShellClient malware in cyberespionage campaigns aimed at companies in the aerospace and telecommunications sectors. Hackers use stealthy ShellClient malware on aerospace, telco firms Cybereason Nocturnus and Incident Response Teams discovered a new threat actor that is targeting organizations in the aerospace and telecommunications sectors with the ShellClient malware as part […] Malware Threat
SecurityAffairs 2021-10-03 19:38:53 TA544 group behind a spike in Ursnif malware campaigns targeting Italy (direct link) Proofpoint researchers reported that TA544 threat actors are behind a new Ursnif campaign that is targeting Italian organizations. Proofpoint researchers have discovered a new Ursnif banking Trojan campaign carried out by a group tracked as TA544 that is targeting organizations in Italy. The experts observed nearly 20 notable campaigns distributing hundreds of thousands of malicious […] Malware Threat
SecurityAffairs 2021-10-02 14:17:02 Flubot Android banking Trojan spreads via fake security updates (direct link) The Flubot Android malware is now leveraging fake security updates warning to trick users into installing the malicious code. Threat actors behind the Flubot Android malware are now leveraging fake security updates to trick victims into installing the malicious code. The attackers use fake security warnings of Flubot infections and urge them to install the […] Malware Threat
SecurityAffairs 2021-10-01 14:46:22 Hydra Android trojan campaign targets customers of European banks (direct link) Experts warn of a new Hydra banking trojan campaign targeting European e-banking platform users, including the customers of Commerzbank. Experts warn of a malware campaign targeting European e-banking platform users with the Hydra banking trojan. According to malware researchers from the MalwareHunterTeam and Cyble, the new campaign mainly impacted the customers of Commerzbank, Germany's […] Malware
SecurityAffairs 2021-09-29 14:27:48 GriftHorse malware infected more than 10 million Android phones from 70 countries (direct link) Security researchers uncovered a massive malware operation, dubbed GriftHorse, that has already infected more than 10 million Android devices worldwide. Security researchers from Zimperium have uncovered a piece of malware, dubbed GriftHorse, that has infected more than 10 million Android smartphones across more than 70 countries. According to the experts, the malware campaign has been […] Malware
SecurityAffairs 2021-09-29 05:20:49 Experts observed for the first time FinFisher infections involving usage of a UEFI bootkit (direct link) Experts spotted a new variant of the FinFisher surveillance spyware that is able to hijack and replace the Windows UEFI bootloader to infect Windows machines. Malware researchers at Kaspersky have spotted a new improvement of the infamous commercial FinSpy surveillance spyware (also known as Wingbird), it can now hijack and replace the Windows UEFI (Unified […] Malware
SecurityAffairs 2021-09-28 06:27:03 ERMAC, a new banking Trojan that borrows the code from Cerberus malware (direct link) ERMAC is a new Android banking Trojan that can steal financial data from 378 banking and wallet apps. Researchers from Threatfabric found in July a new Android banking trojan dubbed ERMAC that is almost fully based on the popular banking trojan Cerberus. The source code of Cerberus was released in September 2020 on underground hacking […] Malware
SecurityAffairs 2021-09-28 05:20:26 (Déjà vu) New BloodyStealer malware is targeting the gaming sector (direct link) Researchers spotted a new malware, dubbed BloodyStealer, that could allow stealing accounts for multiple gaming platforms. Researchers from Kaspersky have spotted a new malware dubbed BloodyStealer that is being used by threat actors to steal accounts for multiple gaming platforms, including Steam, Epic Games Store, GOG Galaxy, EA Origin, and more. The infostealer is available […] Malware Threat
SecurityAffairs 2021-09-17 10:21:58 New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems (direct link) A new malware written in Golang programming language, tracked as Capoae, is targeting WordPress installs and Linux systems. Akamai researchers spotted a new strain of malware written in Golang programming language, dubbed Capoae, that was involved in attacks aimed at WordPress installs and Linux systems. The malware spread through attacks exploiting known vulnerabilities (i.e. CVE-2020-14882 […] Malware
SecurityAffairs 2021-09-17 07:51:34 A new Win malware uses Windows Subsystem for Linux (WSL) to evade detection (direct link) Security researchers spotted a new malware that uses Windows Subsystem for Linux (WSL) to evade detection in attacks against Windows machines. Security researchers from Lumen's Black Lotus Labs have discovered several malicious Linux binaries developed to target the Windows Subsystem for Linux (WSL). Windows Subsystem for Linux (WSL) is a compatibility layer for running Linux […] Malware
SecurityAffairs 2021-09-03 13:48:42 (Déjà vu) PRIVATELOG, a new malware that leverages Common Log File System (CLFS) to avoid detection (direct link) Mandiant researchers spotted a new malware family, dubbed PRIVATELOG, that relies on the Common Log File System (CLFS) to evade detection solutions. FireEye’s Mandiant cybersecurity researchers spotted a new malware family, named PRIVATELOG, that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files to avoid detection. Common […] Malware
SecurityAffairs 2021-08-30 06:50:31 New variant of Konni RAT used in a campaign that targeted Russia (direct link) So far, Konni RAT has managed to evade detection as only 3 security solutions on VirusTotal were able to detect the malware. Researchers from Malwarebytes Labs spotted an ongoing malware campaign that is targeting Russia with the Konni RAT. Security researchers at Malwarebytes Labs have uncovered an ongoing malware campaign that is mainly targeting Russia […] Malware
SecurityAffairs 2021-08-26 22:32:41 CISA publishes malware analysis reports on samples targeting Pulse Secure devices (direct link) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. The U.S. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. “As part of CISA's ongoing response to Pulse Secure compromises, CISA has analyzed five malware samples […] Malware
SecurityAffairs 2021-08-10 02:09:57 FlyTrap, a new Android Trojan compromised thousands of Facebook accounts (direct link) Experts spotted a new Android trojan, dubbed FlyTrap, that compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021. Zimperium’s zLabs researchers spotted a new Android trojan, dubbed FlyTrap, that already compromised Facebook accounts of over 10,000 users in at least 144 countries since March 2021. The malware was spreading […] Malware
SecurityAffairs 2021-08-04 15:25:01 China-linked APT31 targets Russia for the first time (direct link) China-linked APT31 group employed a new strain of malware in attacks aimed at entities in Mongolia, Belarus, Canada, the US, and Russia. Researchers from Positive Technologies reported that China-linked APT31 group has been using a new piece of malware in a recent wave of attacks targeting Mongolia, Belarus, Canada, the United States, and Russia. Experts […] Malware APT 31
SecurityAffairs 2021-08-01 08:55:45 Security Affairs newsletter Round 325 (direct link) A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Crooks target Kubernetes installs via Argo Workflows to deploy miners XCSSET MacOS malware targets Telegram, Google Chrome […] Malware Uber
SecurityAffairs 2021-07-30 06:02:08 Meteor was the wiper used against Iran's national railway system (direct link) The recent attack against Iran's national railway system was caused by a wiper malware dubbed Meteor and not by a ransomware as initially thought. According to research from Amnpardaz and SentinelOne, the recent attack against Iran's national railway system was caused by a wiper malware dubbed Meteor and not by ransomware as initially thought. Meteor was a previously undetected strain of malware, but experts […] Ransomware Malware
SecurityAffairs 2021-07-29 18:08:49 BlackMatter and Haron, two new ransomware gangs in the threat landscape (direct link) The cyber threat landscape changes continuously, recently two new ransomware-as-service (RaaS) operations named BlackMatter and Haron made the headlines. Recently, two new ransomware gangs, named BlackMatter and Haron, announced the beginning of the operations. The Haron malware was first described by the South Korean security firm S2W Lab, three days after a first sample of […] Ransomware Malware Threat
SecurityAffairs 2021-07-29 10:54:12 LockBit 2.0, the first ransomware that uses group policies to encrypt Windows domains (direct link) A new variant of the LockBit 2.0 ransomware is now able to encrypt Windows domains by using Active Directory group policies. Researchers from MalwareHunterTeam and BleepingComputer, along with the malware expert Vitali Kremez, reported spotting a new version of the LockBit 2.0 ransomware that encrypts Windows domains by using Active Directory group policies. Kremez explained that this is the […] Ransomware Malware
SecurityAffairs 2021-07-26 22:16:31 Apple fixes CVE-2021-30807 flaw, the 13th zero-day this year (direct link) Apple released a security update that addresses CVE-2021-30807 flaw in macOS and iOS that may have been actively exploited to deliver malware Apple addressed a security flaw, tracked as CVE-2021-30807, in macOS and iOS that may have been actively exploited to plant malware on vulnerable devices. The vulnerability resides in the IOMobileFramebuffer, which is a […] Malware Vulnerability
SecurityAffairs 2021-07-26 14:15:15 Hiding Malware inside a model of a neural network (direct link) Researchers demonstrated how to hide malware inside an image classifier within a neural network in order to bypass the defense solutions. Researchers Zhi Wang, Chaoge Liu, and Xiang Cui presented a technique to deliver malware through neural network models to evade the detection without impacting the performance of the network. Tests conducted by the experts […] Malware
SecurityAffairs 2021-07-25 12:27:05 XCSSET MacOS malware targets Telegram, Google Chrome data and more (direct link) XCSSET macOS malware continues to evolve, now it is able to steal login information from multiple apps, including Telegram and Google Chrome. Security researchers from Trend Micro continue to monitor the evolution of the XCSSET macOS malware, new variants are able to steal login information from multiple apps, including Telegram and Google Chrome, and send […] Malware
SecurityAffairs 2021-07-24 17:06:50 Japanese computers hit by a wiper malware ahead of 2021 Tokyo Olympics (direct link) Japanese researchers spotted an Olympics-themed wiper targeting Japanese users ahead of the 2021 Tokyo Olympics. Tokyo Olympics could be a great opportunity for cybercriminals and malware authors, the US FBI warned private US companies of cyberattacks that might attempt to disrupt the 2021 Tokyo Olympics. Researchers from the Japanese security firm Mitsui Bussan Secure Directions (MBSD) […] Malware
SecurityAffairs 2021-07-22 12:39:26 CISA analyzed stealthy malware found on compromised Pulse Secure devices (direct link) U.S. CISA released an alert today about several stealth malware samples that were found on compromised Pulse Secure devices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a security alert related to the discovery of 13 malware samples on compromised Pulse Secure devices, many of which were undetected by antivirus products. Experts pointed out […] Malware
SecurityAffairs 2021-07-21 14:49:49 XLoader, a $49 spyware that could target both Windows and macOS devices (direct link) Check Point Research (CPR) experts have spotted a cheap malware, dubbed XLoader variant, which was upgraded to target both Windows and macOS PCs. XLoader is a very cheap malware strain that is based on the popular Formbook Windows malware. FormBook is a data-stealing malware that is used in cyber espionage campaigns, like other spyware it is […] Malware
SecurityAffairs 2021-07-19 11:11:49 Pegasus Project – how governments use Pegasus spyware against journalists (direct link) Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware. Pegasus is a surveillance malware developed by […] Malware
SecurityAffairs 2021-07-16 09:21:08 New enhanced Joker Malware samples appear in the threat landscape (direct link) The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. Experts reported an uptick in malicious Android apps on the official Google Play store laced with the Joker mobile trojan. The Joker malware is a malicious code camouflaged as a system app and […] Malware Threat
SecurityAffairs 2021-07-15 17:07:34 HelloKitty ransomware now targets VMware ESXi servers (direct link) HelloKitty ransomware gang is using a Linux variant of their malware to target VMware ESXi virtual machine platform. A Linux variant of the HelloKitty ransomware was employed in attacks against VMware ESXi systems. The move of the ransomware gang aims at expanding the operations targeting enterprises that are largely adopting virtualizing platforms. Targeting VMware ESXi […] Ransomware Malware
SecurityAffairs 2021-07-15 05:50:17 macOS: Bashed Apples of Shlayer and Bundlore (direct link) Uptycs threat research team analyzed macOS malware threat landscape and discovered that Shlayer and Bundlore are the most predominant malware. The Uptycs threat research team has been observing over 90% of macOS malware in our daily analysis and customer telemetry alerts using shell scripts. Though these scripts have slight variations, they mostly belong to a […] Malware Threat
SecurityAffairs 2021-07-12 14:15:12 BIOPASS malware abuses OBS Studio to spy on victims (direct link) Researchers spotted a new malware, dubbed BIOPASS, that sniffs victim's screen by abusing the framework of Open Broadcaster Software (OBS) Studio. Researchers from Trend Micro spotted a new malware, dubbed BIOPASS, that sniffs the victim's screen by abusing the framework of Open Broadcaster Software (OBS) Studio. Threat actors behind the new malware planted a malicious JavaScript code on support […] Malware Threat
SecurityAffairs 2021-07-12 07:15:03 Magecart hackers hide stolen credit card data into images and bogus CSS files (direct link) Magecart hackers continuously improve their exfiltration techniques to evade detection, they are hiding stolen credit card data into images. Magecart hackers have devised a new technique to obfuscate the malware within comment blocks and hide stolen credit card data into images evading detection. Hacker groups under the Magecart umbrella continue to target e-stores to steal payment card data with […] Malware
SecurityAffairs 2021-07-10 05:09:35 Kaseya warns customers of ongoing malspam campaign posing as security updates (direct link) Threat actors are conducting a spam campaign aimed at infecting Kaseya customers, posing as legitimate VSA security updates Kaseya is warning customers of threat actors attempting to exploit the recent massive supply chain ransomware attack suffered by the company. The software provider is warning of an ongoing malspam campaign aimed at delivering malware into their […] Ransomware Spam Malware Threat
SecurityAffairs 2021-07-07 18:28:35 WildPressure APT expands operations targeting the macOS platform (direct link) WildPressure APT is targeting industrial organizations in the Middle East since 2019 and was spotted using now a new malware that targets both Windows and macOS. Researchers from Kaspersky have spotted a new malware used by the WildPressure APT group to target both Windows and macOS systems. The WildPressure was spotted for the first time […] Malware
SecurityAffairs 2021-07-05 07:00:30 US water company WSSC Water hit by a ransomware attack (direct link) US water company WSSC Water is investigating a ransomware attack that affected non-essential business systems in May. WSSC Water is investigating a ransomware attack that took place on May 24 and that targeted a portion of their network that operates non-essential business systems. According to reports from WJZ13 Baltimore, the company removed the malware just hours later and locked out […] Ransomware Malware
SecurityAffairs 2021-06-22 07:05:17 DroidMorph tool generates Android Malware Clones that (direct link) Boffins developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) and allows to create Android apps (malware/benign) clones. A group of researchers from Adana Science and Technology University (Turkey) and the National University of Science and Technology (Islamabad, Pakistan) has developed a tool dubbed DroidMorph that provides morphing of Android applications (APKs) […] Malware Tool
SecurityAffairs 2021-06-18 22:19:56 Vigilante malware stops victims from visiting piracy websites (direct link) This strange malware stops you from visiting pirate websites Sophos researchers uncovered a malware campaign that aims at blocking infected users from being able to visit a large number of piracy websites. Sophos researchers uncovered a malware campaign that aims at blocking infected users from visiting a large number of websites dedicated to software piracy by modifying the HOSTS […] Malware
SecurityAffairs 2021-06-17 12:20:20 (Déjà vu) Oleg Koshkin was convicted for operating a crypting service also used by Kelihos botnet (direct link) Russian national Oleg Koshkin was convicted for operating a “crypting” service used to obfuscate the Kelihos bot from antivirus software. Russian national Oleg Koshkin was convicted for charges related to the operation of a malware crypting service used by the Kelihos botnet to obfuscate malware and evade detection. “According to court documents and evidence introduced at trial, Oleg Koshkin, […] Malware
SecurityAffairs 2021-06-17 08:53:31 UNC2465 cybercrime group launched a supply chain attack on CCTV vendor (direct link) UNC2465 cybercrime group that is affiliated with the Darkside ransomware gang has infected with malware the website of a CCTV camera vendor. An affiliate of the Darkside ransomware gang, tracked as UNC2465, has conducted a supply chain attack against a CCTV vendor, Mandiant researchers discovered. UNC2465 is considered one of the main affiliates of the […] Ransomware Malware
SecurityAffairs 2021-06-11 12:17:47 Mysterious custom malware used to steal 1.2TB of data from million PCs (direct link) Experts spotted a new mysterious malware that was used to collect a huge amount of data, including sensitive files, credentials, and cookies. Researchers from NordLocker have discovered an unsecured database containing 1.2-terabyte of stolen data. Threat actors used custom malware to steal data from 3.2 million Windows systems between 2018 and 2020. The database includes […] Malware Threat
SecurityAffairs 2021-06-07 19:16:04 (Déjà vu) Siloscape, first known malware that drops a backdoor into Kubernetes clusters (direct link) Siloscape is a new strain of malware that targets Windows Server containers to execute code on the underlying node and spread in the Kubernetes cluster. Researchers from Palo Alto Networks have spotted a piece of malware that targets Windows Server containers to execute code on the underlying node and then drop a backdoor into Kubernetes […] Malware Uber
SecurityAffairs 2021-06-05 21:11:46 US arrested Latvian woman who developed part of Trickbot malware (direct link) The US Department of Justice (DOJ) announced the arrest of a Latvian woman for her alleged role in the development of the Trickbot malware. The US Department of Justice (DOJ) announced the arrest of Alla Witte (aka Max), a Latvian woman that was charged for her alleged role in the development of the Trickbot malware. […] Malware
SecurityAffairs 2021-06-05 13:37:29 BlackCocaine Ransomware, a new malware in the threat landscape (direct link) Cyble researchers investigated a recent attack on an India-based IT firm that was hit by the BlackCocaine Ransomware gang. Recently Cyber researchers for Cyble investigated an attack suffered on May 30, 2021, by Nucleus Software, an India-based IT company in the Banking and Financial Services sector. The company reported the security breach to the Bombay Stock Exchange (BSE) and the National Stock Exchange of […] Malware Threat
SecurityAffairs 2021-06-01 13:09:49 Russian hacker Pavel Sitnikov arrested for distributing malware via Telegram (direct link) The popular Russian hacker Pavel Sitnikov was arrested by Russian authorities on charges of distributing malware via his Telegram channel. Pavel Sitnikov (@Flatl1ne), a prominent figure of the hacking underground, was arrested earlier this month by Russian authorities on charges of distributing malware via his Freedom F0x Telegram channel. The Russian hacker is a member […] Malware
Last update at: 2024-05-13 17:08:15